r2266: yay! LSA session keys on TCP now work!

(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)

5 files changed, 33 insertions, 165 deletions

diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 9083bfb795..16bf52cec2 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -63,6 +63,9 @@ struct dcerpc_pipe {
 		/* a callback to the dcerpc code when a full fragment
 		   has been received */
 		void (*recv_data)(struct dcerpc_pipe *, DATA_BLOB *, NTSTATUS status);
+
+		/* get the transport level session key */
+		NTSTATUS (*session_key)(struct dcerpc_pipe *, DATA_BLOB *);
 	} transport;
 
 	/* the last fault code from a DCERPC fault */
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index deef2232bf..fa9101bbd6 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -348,6 +348,21 @@ static const char *smb_peer_name(struct dcerpc_pipe *p)
 	return smb->tree->session->transport->called.name;
 }
 
+/*
+  fetch the user session key 
+*/
+NTSTATUS smb_session_key(struct dcerpc_pipe *p, DATA_BLOB *session_key)
+{
+	struct smb_private *smb = p->transport.private;
+
+	if (smb->tree->session->user_session_key.data) {
+		*session_key = smb->tree->session->user_session_key;
+		return NT_STATUS_OK;
+	}
+
+	return NT_STATUS_NO_USER_SESSION_KEY;
+}
+
 /* 
    open a rpc connection to a named pipe 
 */
@@ -410,6 +425,7 @@ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe **p,
 	(*p)->transport.private = NULL;
 	(*p)->transport.shutdown_pipe = smb_shutdown_pipe;
 	(*p)->transport.peer_name = smb_peer_name;
+	(*p)->transport.session_key = smb_session_key;
 
 	(*p)->transport.send_request = smb_send_request;
 	(*p)->transport.send_read = send_read_request;
diff --git a/source4/librpc/rpc/dcerpc_tcp.c b/source4/librpc/rpc/dcerpc_tcp.c
index 896675a7f8..c290891b61 100644
--- a/source4/librpc/rpc/dcerpc_tcp.c
+++ b/source4/librpc/rpc/dcerpc_tcp.c
@@ -272,6 +272,18 @@ static const char *tcp_peer_name(struct dcerpc_pipe *p)
 }
 
 
+/*
+  fetch the user session key 
+*/
+NTSTATUS tcp_session_key(struct dcerpc_pipe *p, DATA_BLOB *session_key)
+{
+	/* this took quite a few CPU cycles to find ... */
+	session_key->data = "SystemLibraryDTC";
+	session_key->length = 16;
+
+	return NT_STATUS_OK;
+}
+
 /* 
    open a rpc connection to a named pipe 
 */
@@ -319,6 +331,7 @@ NTSTATUS dcerpc_pipe_open_tcp(struct dcerpc_pipe **p,
 
 	(*p)->transport.shutdown_pipe = tcp_shutdown_pipe;
 	(*p)->transport.peer_name = tcp_peer_name;
+	(*p)->transport.session_key = tcp_session_key;
 	
 	tcp = talloc((*p), sizeof(*tcp));
 	if (!tcp) {
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index c04937353c..fc9f6c847d 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -699,21 +699,7 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
 				  DATA_BLOB *session_key)
 {
-	struct smbcli_tree *tree;
-
-	if (p->security_state.generic_state) {
-		return gensec_session_key(p->security_state.generic_state, session_key);
-	}
-	
-	tree = dcerpc_smb_tree(p);
-	if (tree) {
-		if (tree->session->user_session_key.data) {
-			*session_key = tree->session->user_session_key;
-			return NT_STATUS_OK;
-		}
-	}
-
-	return NT_STATUS_NO_USER_SESSION_KEY;
+	return p->transport.session_key(p, session_key);
 }
 
 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 1ef6145abc..022c5a85b1 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -497,152 +497,6 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 }
 
 
-static BOOL test_lsakey_puzzle(struct dcerpc_pipe *p_smb, 
-				      TALLOC_CTX *mem_ctx,
-				      struct policy_handle *handle_smb)
-{
-        NTSTATUS status;
-        struct dcerpc_pipe *p_tcp;
-	struct policy_handle handle_tcp, sec_handle, sec_handle2;
-	struct lsa_CreateSecret cr;
-	struct lsa_OpenSecret or;
-	struct lsa_SetSecret sr;
-	struct lsa_QuerySecret qr;
-	char *secname;
-	const char *secret1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
-	DATA_BLOB session_key, blob1, blob2;
-	DATA_BLOB enc_key;
-	NTTIME old_mtime, new_mtime;
-	struct lsa_DATA_BUF buf1;
-	struct lsa_DATA_BUF_PTR bufp1;
-
-	status = torture_rpc_connection_transport(&p_tcp, 
-						  DCERPC_LSARPC_NAME, 
-						  DCERPC_LSARPC_UUID, 
-						  DCERPC_LSARPC_VERSION,
-						  NCACN_IP_TCP);
-	if (!NT_STATUS_IS_OK(status)) {
-		return False;
-	}
-
-	if (!test_OpenPolicy2(p_tcp, mem_ctx, &handle_tcp)) {
-		return False;
-	}
-
-	asprintf(&secname, "torturesecret-%u", (uint_t)random());
-
-	printf("calling CreateSecret on %s\n", secname);
-
-	init_lsa_Name(&cr.in.name, secname);
-
-	cr.in.handle = handle_smb;
-	cr.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
-	cr.out.sec_handle = &sec_handle;
-
-	status = dcerpc_lsa_CreateSecret(p_smb, mem_ctx, &cr);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("CreateSecret failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	status = dcerpc_fetch_session_key(p_smb, &session_key);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	printf("SMB session key:\n");
-	dump_data(0, session_key.data, session_key.length);
-
-	enc_key = sess_encrypt_string(secret1, &session_key);
-
-	blob1 = data_blob_talloc(mem_ctx, enc_key.data, enc_key.length);
-	sess_crypt_blob(&blob1, &enc_key, &session_key, False);
-
-	printf("Plain-text:\n");
-	dump_data(0, blob1.data, blob1.length);
-
-	printf("SMB encrypted:\n");
-	dump_data(0, enc_key.data, enc_key.length);
-
-	sr.in.handle = &sec_handle;
-	sr.in.new_val = &buf1;
-	sr.in.old_val = NULL;
-	sr.in.new_val->data = enc_key.data;
-	sr.in.new_val->length = enc_key.length;
-	sr.in.new_val->size = enc_key.length;
-
-	printf("calling SetSecret\n");
-
-	status = dcerpc_lsa_SetSecret(p_smb, mem_ctx, &sr);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("SetSecret failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	or.in.handle = &handle_tcp;
-	or.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
-	or.in.name = cr.in.name;
-	or.out.sec_handle = &sec_handle2;
-
-	printf("Calling OpenSecret\n");
-
-	status = dcerpc_lsa_OpenSecret(p_tcp, mem_ctx, &or);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("OpenSecret failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	ZERO_STRUCT(new_mtime);
-	ZERO_STRUCT(old_mtime);
-
-	/* fetch the secret back again */
-	qr.in.handle = &sec_handle2;
-	qr.in.new_val = &bufp1;
-	qr.in.new_mtime = &new_mtime;
-	qr.in.old_val = NULL;
-	qr.in.old_mtime = NULL;
-
-	bufp1.buf = NULL;
-
-	status = dcerpc_lsa_QuerySecret(p_tcp, mem_ctx, &qr);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("QuerySecret failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	status = dcerpc_fetch_session_key(p_tcp, &session_key);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
-		return False;
-	}
-
-	printf("TCP session key:\n");
-	dump_data(0, session_key.data, session_key.length);
-
-	blob1.data = qr.out.new_val->buf->data;
-	blob1.length = qr.out.new_val->buf->length;
-
-	printf("Encrypted blob:\n");
-	dump_data(0, blob1.data, blob1.length);
-
-	session_key.length = 16;
-	blob2 = data_blob_talloc(mem_ctx, blob1.data, blob1.length);
-
-	/* try a zero session key to decrypt. */
-	data_blob_clear(&session_key);
-	sess_crypt_blob(&blob2, &blob1, &session_key, False);
-	printf("Test-text:\n");
-	dump_data(0, blob2.data, blob2.length);
-
-        torture_rpc_close(p_tcp);
-
-	test_Delete(p_smb, mem_ctx, &sec_handle);
-
-	return True;
-}
-
-
 static BOOL test_EnumAccountRights(struct dcerpc_pipe *p, 
 				   TALLOC_CTX *mem_ctx, 
 				   struct policy_handle *acct_handle,
@@ -1040,10 +894,6 @@ BOOL torture_rpc_lsa(int dummy)
 		ret = False;
 	}
 
-	if (!test_lsakey_puzzle(p, mem_ctx, &handle)) {
-		ret = False;
-	}
-
 	if (!test_many_LookupSids(p, mem_ctx, &handle)) {
 		ret = False;
 	}